<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>C&M-Lab POI-Manager - Logout</title>
<link rel="shortcut icon" type="image/x-icon" href="./images/favicon.ico">
<link rel="stylesheet" type="text/css" href="<%=application.getContextPath()%>/css/global_stylesheet.css">
</head>


<body>
<%-- Layout-fragments  --%>
<%@include file="/header.jspf"%>
<%@include file="/menu.jspf"%>

<h1>logout.jsp</h1>


<%-- User Logout: Invalidating HTTP and HTTPS Session  --%>
<%
	out.println("Your Session-ID =" + session.getId());
	// Standard HTTP session invalidation
	session.invalidate();	
	out.println("</br>HTTP-SessionId Invalidated: session.invalidate();</br>");
	
	//if SSL session alive - Tomcat specific
	if ((org.apache.tomcat.util.net.SSLSessionManager) request.getAttribute("javax.servlet.request.ssl_session_mgr") != null)
	{
		
		out.println("<p></br></p> 	SSL Session ID" + request.getAttribute("javax.servlet.request.ssl_session_id"));
		// Invalidate the SSL Session
		org.apache.tomcat.util.net.SSLSessionManager mgr = (org.apache.tomcat.util.net.SSLSessionManager) 
															request.getAttribute("javax.servlet.request.ssl_session_mgr");
		
		mgr.invalidateSession();
		
		out.println("</br>HTTPS-Session Invalidated : SSLSessionManager mgr.invalidateSession()</br>");
		
	}

	// Close the connection since the SSL session will be active until the connection is closed
	response.setHeader("Connection", "close");
%>

<%-- Layout-fragment --%>
<%@include file="/footer.jspf"%>

</body>
</html>